Recently, the threat actors behind the Qilin ransomware group added a significant amount of sensitive data belonging to the automotive parts supplier, Yanfeng, to their dark web leak site. It was reported that a disruption occurred at their North American manufacturing facilities on November 13th, but the company was not forthcoming with any additional information on the incident and has yet to release a statement regarding the disruptions. It is unclear how long Yanfeng officials will have to negotiate the release of their stolen data, but the Qilin leak site states that they will publish the data shortly.
ALPHV/BlackCat ransomware targets Fidelity National Financial
Early last week, officials for Fidelity National Financial (FNF) confirmed that they had fallen victim to a cybersecurity attack and were forced to take several of their internal systems offline. It is believed that the ALPHV/BlackCat ransomware group is responsible for the intrusion, and the group has added FNF to its dark web leak site, though the threat actors have not confirmed whether the attack resulted in the exfiltration of FNF data, as they are waiting for a negotiation response from the company.
Ardent Health Services falls victim to Thanksgiving ransomware attack
On Thanksgiving morning, staff at Ardent Health Services identified unauthorized activity on their internal network and were forced to take it offline while they began investigating. It was later revealed that the incident was a ransomware attack, though they have not confirmed if any information was stolen, or which ransomware group may have been responsible for the network breach. Fortunately, staff at many of the affected healthcare facilities are still able to process new patients and maintain basic emergency services.
Rhysida ransomware encrypts Slovenian power company
Recently, the state-owned Slovenian power company, Holding Slovenske Elektrarne (HSE), was the target of a ransomware attack by the Rhysida group, though the company claims that power plant operations were unaffected. Unfortunately, the investigation has confirmed that several systems were encrypted and that data may also have been exfiltrated during the network breach. Though the Rhysida threat actors haven’t taken responsibility for this attack, this does continue the trend of ransomware groups targeting national infrastructure facilities.
AutoZone reveals breach as part of MOVEit data transfer vulnerability
Officials for the automotive retailer, AutoZone, have recently begun contacting customers whose data was lost in the MOVEit file transfer vulnerability compromise carried out by the Cl0p ransomware group. After several months of investigation, AutoZone staff were finally able to confirm that nearly 185,000 customers had their data compromised during the breach and that they would provide identity monitoring services to all affected customers.